143 matches found
CVE-2022-23137
ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered...
WordPress plugin MG AdvancedOptions 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
Tarkov Data Manager 跨站脚本漏洞
Tarkov Data Manager is a database management tool from The Hideout open source. A cross-site scripting vulnerability exists in versions of Tarkov Data Manager prior to 02/01/2025, which stems from the presence of reflective cross-site scripting in the toast notification system that could lead to ...
Jorani 跨站脚本漏洞
Jorani is a leave management system by Benjamin BALET, an individual developer in France. It is intended to provide a simple workflow for leave and overtime requests for small organizations. A cross-site scripting vulnerability exists in Jorani version 1.0.3, which stems from the presence of...
CVE-2025-34409
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...
NiceGUI 跨站脚本漏洞
NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. A cross-site scripting vulnerability exists in NiceGUI 3.3.1 and earlier versions, which stems from insufficient cleanup and escaping of the ui.addcss, ui.addscss, and ui.addsass functions, and could lead to a reflectiv...
xCally Omnichannel 跨站脚本漏洞
xCally Omnichannel is an integrated communication platform from the Italian company xCally. A cross-site scripting vulnerability exists in xCally Omnichannel version v3.30.1, which stems from reflective cross-site scripting and could lead to an attacker executing malicious JavaScript code...
SAP Business Connector 跨站脚本漏洞
SAP Business Connector is a middleware from SAP, Germany. A cross-site scripting vulnerability exists in SAP Business Connector due to improper validation of user-supplied input in the PRTG Web Monitor web interface. An attacker could exploit the vulnerability to access or modify information with...
WeGIA 跨站脚本漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A cross-site scripting vulnerability exists in WeGIA versions prior to 3.5.0 that stems from insufficient cleaning and escaping of the idpet parameter, which could lead to a reflective cross-site scriptin...
EUVD-2025-2966
Malicious code in bioql PyPI...
Codester WebWork - PHP Search Engine Script 跨站脚本漏洞
Codester WebWork - PHP Search Engine Script is an open source search engine script from Codester. A cross-site scripting vulnerability exists in Codester WebWork - PHP Search Engine Script, which stems from the fact that incorrect manipulation of the parameters q and engine can lead to reflective...
Sunnet eHRD CTMS 跨站脚本漏洞
Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from Sunnet China Sunnet. A cross-site scripting vulnerability exists in Sunnet eHRD CTMS that stems from a reflective cross-site scripting issue that could lead to arbitrary JavaScript code execution...
FoxCMS 安全漏洞
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. A security vulnerability exists in FoxCMS v1.2.6, which stems from a reflective cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Human Resource Management System 跨站脚本漏洞
Human Resource Management System is a human resource management system by maverickosama Individual Developer. A cross-site scripting vulnerability exists in Human Resource Management System version 1.0, which stems from an unvalidated employeeid parameter and could lead to a reflective cross-site...
JetBrains TeamCity 跨站脚本漏洞
JetBrains TeamCity is a Continuous Integration CI/CD tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from a cross-site scripting vulnerability that stems from the presence of reflective cross-site scripting on the...
MedDream PACS Premium 跨站脚本漏洞
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the radiationDoseReport.php function. No detailed...
Eclipse GlassFish 跨站脚本漏洞
Eclipse GlassFish is an open source application server from the Eclipse Foundation. A cross-site scripting vulnerability exists in Eclipse GlassFish version 7.0.15, which stems from a risk of a reflective cross-site scripting attack in the management console...
WordPress plugin Electrician - Electrical Service WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Electrician - Electrical...
WordPress plugin Hostel 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...